subscribe to our Youtube


14455 questions

17168 answers


0 members

We are migrating to our new platform at Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
1,296 views 6 comments
by anonymous
Hello All,

As above, what is the expected (max) IPSec throughput on RUT240 unit?


by anonymous

1 Answer

+1 vote
by anonymous


We've done tests, but only for RUT9XX. The max speed that we got was around 26 Mbit/s. The configuration used was:

IKE version: IKEv1
Mode: Main
Type: Tunnel

Phase 1:

  • Encryption algorithm: AES128
  • Authentication: MD5
  • DH group: MODP768

Phase 2:

  • Encryption algorithm: AES128
  • Authentication: MD5
  • PFS group: NO PFS
Best answer
by anonymous
Perfect! Thank you Dziugas
by anonymous
Thanks for posting this. Using RUT2_R_00.07.03.4 my results were only around half of the above—around 1.40MB/sec (~12Mbit/s).  It's pretty slow.

Would Wireguard be faster?
by anonymous
It should, on a RUTX11 I have a factor of two in favor of  Wireguard.
by anonymous
Thanks. In this case it's a RUT240. Not sure if that 2x would also apply here. I'll see if I can test later.
by anonymous
@flebourse In case you (or anyone else) were wondering, I stood up a Wireguard site-to-site tunnel today between a RUT240 running 7.03.4 and a pfSense firewall in a datacenter. The unit had been running an IKEv2 IPSEC tunnel previously. I disabled that and built a new WG configuration.

This unit only has a 100Mbit uplink, so not an ideal test of max. thruput, but I can say that the Wireguard tunnel performs very well, about 15% faster thruput, and uses only ~40% CPU where the IPsec was above 93% consistently while saturating the tunnel. So I'm going to stick with Wireguard and see how it goes.